Constructing a transport stream

ABSTRACT

There is disclosed a head-end system in which differently processed copies of content portions are reordered such that copies from different content portions are not interleaved in the final transport stream.

RELATED APPLICATION DATA

This application is the National Stage of International PatentApplication No. PCT/EP2011/069051, filed Oct. 28, 2011, the disclosureof which is hereby incorporated by reference in its entirety.

FIELD OF THE INVENTION

The present invention relates to a method of preparing digital contentfor transmission to a plurality of receivers, a head-end systemimplementing the method, and a system comprising such a head-end and oneor more said receivers. In particular, but not exclusively, theinvention may be implemented in a DVB digital television system, wherethe receivers are set top boxes, television sets or similar, and may beused for example in the implementation of a digital watermarking orfingerprinting scheme.

BACKGROUND OF THE INVENTION

In television broadcast systems compliant with DVB standards, relatedvideo, audio and data content, such as video audio and program guidedata for a single TV channel or group of TV channels, is processed by abroadcaster head-end system for delivery to receivers in an MPEG-2 datastream called a transport stream (TS). A transport stream comprises oneor more content streams referred to as packetized elementary streams,each packetized elementary stream (PES) typically containing the datafor one video, audio or data content aspect of one of the televisionchannels. Each packet of a PES is typically spread across many smallertransport stream packets for broadcast, with the transport streampackets for the multiple PESs being multiplexed into a single transportstream for transmission.

Provisioning of protected DVB services is typically enabled using aconditional access (CA) system. Content data is encrypted in abroadcaster head-end system and delivered to receivers in TS packetsalong with metadata enabling each receiver to use the correct key,commonly referred to as a control word, to decrypt the content. Controlword provisioning may be achieved using a smartcard, or otherconditional access/digital rights management (CA/DRM) client at thereceiver. Control words are usually sent to the receivers in encryptedform within entitlement control messages (ECMs) delivered in the TSusing MPEG-2 sections alongside the PESs carrying video, audio and/orother data. The CA/DRM client decrypts data in the ECMs to retrieve thecontrol words, using product keys which are updated periodically usingentitlement management messages (EMMs), and delivers the control wordsas required to one or more decrypters in the receiver.

Digital watermarking of content is well known. The content may compriseany type of information, and may include one or more of audio data,image data, video data, textual data, multimedia data, a web page,software products, security keys, experimental data or any other kind ofdata. There are many methods for performing digital watermarking ofcontent but, in general, they all involve adding a watermark to an itemof content. This involves embedding, or adding, watermark symbols (or awatermark codeword or payload data) into the original item of content toform a watermarked item of content. The watermarked item of content canthen be distributed to one or more receivers (or users or recipients orreceivers).

One particular application of digital watermarking is in the delivery ofvideo signals in a digital video broadcasting (DVB) system, althoughmany others exist.

WO01/67667 describes a technique in which content can be delivered in aencrypted form to a plurality of receivers in such a manner that thecontent stream recovered at each receiver or subset of receivers carriesa different set of watermark symbols, or fingerprint, from thatrecovered at other receivers or subsets of receivers. This is achievedby including in a content stream multiple (typically two) copies of someor all portions of the content, each copy carrying a different watermarksymbol and being encrypted using a different control word than the othercopies of the same content portion. By controlling the control wordsavailable at each receiver, the set of watermark symbols, orfingerprint, present in a content stream reconstructed at each receiveris controlled.

EP2341708 describes a similar scheme in which error handlingcapabilities of the receivers are used to reject content portions whichare decrypted with the wrong control word, so that only the intendedwatermark symbols are found in the reconstructed stream at a particularreceiver.

EP2334070 describes ways in which the broadcaster head-end may bearranged to generate a suitable encrypted content stream for delivery toreceivers in order to implement a similar fingerprinting scheme.

It would be desirable to be able to implement a scheme for deliveringcontent multiple, differently processed copies of at least selectedportions of content in a single transport stream to a plurality ofreceivers by adding extra functional modules to a conventional head-endsystem and avoiding or minimising reengineering of existing functionalmodules, so that such a scheme can be more easily integrated into anexisting or already designed broadcaster head-end system. The inventionseeks to address this and other problems of the related prior art.

SUMMARY OF THE INVENTION

The invention provides apparatus and methods for providing media contentat a plurality of receivers or receiver groups using the same contentstream such that at each receiver, or each group of receivers, the mediacontent is reconstructed to carry a differently processed copy of atleast some part or parts of the content. For example, the media contentmay be reconstructed to carry a different sequence of watermark symbols,that is a different fingerprint, at each receiver or receiver group.This is preferably achieved by including multiple copies of at leastsome portions of the content in the content stream, each one of multiplecopies being differently processed at the head-end, for example carryingan alternative watermark symbol and being differently encrypted, andselectively restricting whether particular content portions can bedecrypted at particular receivers or groups of receivers. In particular,the invention provides ways of achieving this in legacy systems whichalready provide content protection functionality, for example by addingfunctional modules to a head-end system in a way which avoidssignificant reengineering of aspects of existing conditional accessfunctional modules.

To this end, the invention provides a head-end system for preparingdigital content for transmission to a plurality of receivers, thedigital content comprising a sequence of content portions, the systemcomprising: a pre-processor arranged to generate at least first andsecond copies of each content portion; a content protection and contentpackaging system arranged to distribute or output each of the at leastfirst and second copies of each content portion into a separate group oftransport stream packets, each of the at least first and second copiesof each content portion distributed into transport stream packets beingdifferently encrypted to the other or others of the copies of thatcontent portion, and to merge all of the said transport stream packetsfor each content portion into an original transport stream in which atleast some of the transport stream packets deriving from the samecontent portion but differently encrypted are interleaved; and apost-processor arranged to reorder the original transport stream to forma re-multiplexed transport stream in which transport stream packetscontaining parts of the same content portion but being differentlyencrypted are not interleaved.

In some embodiments all of the transport stream packets are formed inthe content protection and packaging system. In other embodiments, someof the transport stream packets may be formed prior to processing by thecontent protection and packaging system, for example in thepre-processor, for example by an additional conditional access systemarranged to process one or more of the copies of content portions.

The addition of a post-processor with such functionality enablesreceivers to be used which do not need to select transport streampackets which derive from the same elementary content stream beforeattempting decryption, which may be problematic in legacy receivers.

The sequence of content portions selected for copying as set out abovemay include all available portions of the content, or a subset of suchportions which may typically be interspersed between other non selectedportions. The selected portions may, for example, be only a smallproportion such as 10% of all available portions of the content.

Usual behaviour of a legacy head-end conditional access subsystem wouldbe to treat each different copy of a content portion as belonging to adifferent elementary stream and therefore would be to mark transportstream packets containing each of the different copies of a contentportion with a different corresponding stream label visible in thetransport stream packets to the post-processor. So that receivers canreconstruct a single elementary stream from the copies of the contentportion and the original elementary stream packets, the post-processormay comprise a stream label filter arranged to detect and filterreceived transport stream packets according to stream label applied bythe content protection and content packaging system. The post-processormay replace the different corresponding stream labels with a singlestream label for the transport packets containing any of the differentlyencrypted copies of a content portion and the original elementary streampackets in the re-multiplexed transport stream.

The head-end system may be arranged to include in the re-multiplexedtransport stream data enabling handling of control words at saidreceivers such that a plurality of receivers each reconstructs thesequence of content portions to contain a different sequence of saidwatermark symbols, or an otherwise different version of the content,such data including for example entitlement control messages comprisingsaid control words and entitlement management messages restrictingaccess by particular receivers to particular subsets of said controlwords.

The head-end may be further adapted to include in the re-multiplexedtransport stream: a stream comprising said differently encrypted partsof a said content portion; a first entitlement control messagecontaining key data for decrypting a first said copy of the contentportion; a second entitlement control message containing key data fordecrypting a second said copy of the content portion; first mapping datacomprising a content stream label identifying said stream of differentlyencrypted parts of a said content portion, a first content data typecorresponding to a data type of said content portion, and a firstconditional access stream label identifying said first entitlementcontrol message; and second mapping data comprising said content streamlabel identifying said stream of differently encrypted parts of saidcontent portion, a second data type not corresponding to a data type ofsaid content portion, and a second conditional access stream labelidentifying said second entitlement control message. Preferably then,the transport stream contains essentially no content portions of thesecond content data type identified by said second mapping data,although it may be necessary to include a small amount of data, forexample containing empty payload data, to ensure that some receiversprocess the content portions, entitlement control messages, and mappingdata as required. For example, the amount of content data of the secondcontent data type in the transport stream may be less than 1% of theamount of content data of the first content data type in the transportstream.

The invention also provides a digital television system comprising thehead-end system as set out herein, and a plurality of receivers coupledto the head-end system by a transmission medium (20).

The invention also provides methods corresponding to the aboveapparatus, including a method of preparing digital content fortransmission to a plurality of receivers, and a method of adapting ahead-end system for preparing digital content.

The invention also provides computer readable media carrying computerprogram code operable to put into effect the methods described hereinwhen executed on suitable computer apparatus, for example computerapparatus being used to implement, in part or in whole, a head-endsystem as set out herein.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the invention will now be described, by way of exampleonly, with reference to the accompanying drawings, in which:

FIG. 1 shows a prior art digital television system comprising a head-enddelivering content over a distribution medium to a plurality ofreceivers;

FIG. 2 illustrates the prior art system of FIG. 1 where the head-end hasbeen adapted according to the invention to provide digitalfingerprinting or other functionality in the content delivered to thereceivers;

FIG. 3 shows more detail of functional modules of the head-end of FIG.2;

FIG. 4 illustrates aspects of a transport stream packet used in thesystem of FIG. 2;

FIG. 5 shows how content is processed in the head-end of FIGS. 2 and 3to form a re-multiplexed transport stream for delivery to the receivers;

FIG. 6 illustrates aspects of the receivers suitable for processing there-multiplexed transport stream generated by the head-end of FIGS. 2 and3;

FIG. 7 shows alternative detail of functional modules of the head-end ofFIG. 2;

FIGS. 8a and 8b illustrate the described method of copying portions ofcontent, processing the copies differently, and re-multiplexingresulting packets to form a reordered and merged elementary stream; and

FIGS. 9 and 10 illustrate a structure of part of a transport stream,arranged to associate two streams of entitlement control with a singleelementary stream of content.

DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION

In the description that follows and in the figures, certain embodimentsof the invention are described. However, it will be appreciated that theinvention is not limited to the embodiments that are described and thatsome embodiments may not include all of the features that are describedbelow. It will also be evident that various modifications and changesmay be made to the embodiments described herein without departing fromthe broader spirit and scope of the invention as set forth in theappended claims.

Referring to FIG. 1 there is shown a head-end system 5 for broadcastingcontent, such as a DVB head-end system, as found in the prior art. Thehead-end system includes a content ingestion function 10 which receivescontent, such as television video, audio and related data content, andprepares and schedules the content for transmission to a plurality ofreceivers 22. The content ingestion function 10 forwards the content aselementary streams 12 to a content protection and content packagingsystem 14 which carries out encryption and packetisation functions,before forwarding the content as a packetised stream 15 to atransmission function 18 which is arranged to broadcast or otherwisetransmit the packetised stream over a network, broadcast radio interfaceor other medium 20 to the receivers 22. In such an arrangement, theelementary streams 12 may be, for example, MPEG packetized elementarystreams (PESs), and the three elementary streams shown in the figurecould be a video stream, an audio stream, and an electronic programguide or other data stream. These elementary streams may be made up ofPES packets, or other content portions. Similarly, the transmissionstream 15 may be, for example, an MPEG transport stream, in which eachTS packet carries a packet ID (PID) value which associates the payloadof the TS packet with a particular one of the elementary streams 12.

In the arrangement of FIG. 1, the content protection and contentpackaging system 14 performs tasks of providing a control word,encrypting a content portion using the control word, and distributingthe encrypted content portion across a number of transport streampackets each carrying a label such as a PID linking the transport streampackets to the original elementary streams. The content protection andcontent packaging system 14 also embeds into the transport stream datawhich can be used by receivers to derive the correct control word todecrypt the content portion, for example as entitlement control messages(ECMs).

FIG. 2 shows how the head-end system of FIG. 1 may be adapted to createa head-end system 25 which implements a fingerprinting scheme. Thecontent ingestion function 10, content protection and content packagingsystem 14 and transmission function 18 remain essentially unchanged.Newly added are a pre-processing function 30 which in this case receivesthe original elementary streams 12 from the content ingestion system 10and forwards watermarked elementary streams 32 to the content protectionand content packaging system 14, and a post processing function 34 whichreceives an original transport stream 16 from the content protection andcontent packaging system 14 and forwards a modified transport stream 36to the transmission function 18 for broadcast to the receivers 22. Alsoadded is a control system 38 which controls the pre-processor function30 and the post processing function 34, also receiving necessary datafrom the content protection and content packaging system 14 as will bedescribed below. Because the new pre-processing function 30 and postprocessing function 34 are external to the content protection andcontent packaging system, these new components can easily be added tolegacy head-end systems. Note that the number of watermarked elementarystreams 32 is shown as twice the number of original elementary streams12, because typically each elementary stream 12 is duplicated into twodifferently watermarked copies, but other numbers of watermarked copiesmay be used as described elsewhere in this document.

FIG. 3 shows in more detail how the pre-processing function 30 and thepost processing function 34 may be implemented. The pre-processingfunction 30 receives content portions in an original elementary stream12 from the content ingestion function 10. Although the processing ofonly one original elementary stream 12 by the pre-processing function 30is shown in the figure, others of the original elementary streams may besimilarly processed if required. A copy component 50 forms multiplecopies of each content portion, with the number of copies denoted as Nin the figure, and passes one copy to each of multiple pre-processors 52which watermark each copy with a different symbol, denoted S₁ and S₂ inthe figure. Although the figure indicates two copies of each contentportion being made, thus N=2, in practice more than two copies may beused, for example under the control of the control system 38. Similarly,although every content portion of the stream 12 may be copied andwatermarked, the invention can also be implemented by copying andwatermarking only a subset of the content portions, by making differentnumbers of copies of different content portions, by watermarking onlyone of the copies and leaving the other copy un-watermarked, and usingvarious combinations of such variations, subject to the content portionsbeing copied and watermarked to a sufficient extent that differentfingerprints can be formed in the decrypted content streams at differentreceivers by successful decryption of only one of two or more copies ofat least some of the content portions. Although a copy function isshown, it will be appreciated that the watermarked elementary streams 32may be constructed without the intermediate step of making direct copiesof the content portions of the original elementary stream 12.

The watermarking may be carried out in a variety of different waysfamiliar to the person skilled in the art, and the techniques used mayvary between, for example, elementary streams carrying video and audiocontent.

The watermarked elementary streams 32 are passed to the contentprotection and content packaging system 14 for processing as alreadydescribed above in connection with FIG. 1, although it will be notedthat the content protection and content packaging system is now requiredto process more elementary streams than before. Each watermarkedelementary stream 32 is processed by the content protection and contentpackaging system generating or providing a control word, encrypting acontent portion of the watermarked elementary stream 32 using thecontrol word, and distributing the encrypted content portion across aplurality of transport stream packets 80. Aspects of a transport streampacket 80 as discussed herein are illustrated in FIG. 4. A headerportion 82 contains a variety of data describing the packet, including astream label 54 shown here as “PID”, and a locator field 84 as describedbelow. A payload portion 86 contains encrypted content from theelementary stream 12.

Returning to FIG. 3, as part of conventional functionality for a legacycontent protection and content packaging system 14, the subsystemincludes in the header of each transport stream packet 80 a clear text(that is, not encrypted) stream label 54 indicating from whichwatermarked elementary stream 32 the payload of the transport streampacket 80 is derived. These stream labels 54 are shown in FIG. 3 for thetwo watermarked elementary streams as P₁ and P₂. P₁ and P₂ may be, forexample, MPEG PIDs, such that for three original elementary streams,duplicated and watermarked by the pre-processing function 30, theresulting transport stream packets 80 will be identified by sixdifferent stream labels 54. These stream labels are also communicatedfrom the content protection and content packaging system 14 to thecontrol system 38. Other relevant stream parameters may also be passedfrom the content protection and content packaging system 14 to thecontrol system 38. This communication may be such that, for example, thecontrol system 38 obtains the stream label information from a networkmanagement system, or via manual configuration uploads by an operator.It is not necessary for the content protection and content packagingsystem 14 to be adapted to provide this communication function.

The content protection and content packaging system 14 also includes inat least some of the transport stream packets 80 a clear text locatorfield 84 which supports locating the start of a content portion. In asystem according to MPEG-2 standards, this locator field may be theMPEG-2 payload_unit_start indicator in the transport stream packetheader 82 that signals the start of a PES packet in the encryptedpayload 86 of a TS packet 80 (this indicator may also be set forunencrypted PES packet payload data).

As already mentioned above, the content protection and content packagingsystem 14 also embeds, into the transport stream, metadata which can beused by receivers to derive the correct control word to decrypt eachcontent portion, for example as ECMs, with each of a plurality ofreceivers being enabled to successfully decrypt a different combinationof the content portion copies carrying a different combination ofwatermark symbols and therefore a different fingerprint. In FIG. 3 thisfunctionality is touched on by showing a CA control link 56 exerted onthe content protection and content packaging system 14 by the controlsystem 38. Such a link may typically be implemented by a human operatorbecause the legacy content protection and content packaging system andthe control system may have no way to establish a communicationprotocol. The legacy head-end system may already be provided with anetwork management system that uses a protocol such as SNMP (SimpleNetwork Management Protocol) to configure and monitor the operation ofthe various subsystems in the head-end. The network management systemcould, for example, be used to facilitate the easy configuration of thecontrol system 38.

The transport stream packets relating to each different watermarkedelementary stream 32 are multiplexed together by the content protectionand content packaging system 14 to form an original transport stream 16.However, content from only one elementary stream 12 is now found intransport stream packets with two or more different stream labels 54because of the action of the copy function 50 and the way in whichrelated watermarked elementary streams 32 are treated separately by thecontent protection and content packaging system 14. Moreover, becausethe content protection and content packaging system will generallyinterleave, into the transport stream, transport stream packets derivedfrom different elementary streams, including interleaving transportstream packets containing data from the different watermarked elementarystreams, transport stream packets containing payload data from one ofthe watermarked elementary streams 32, and encrypted with one controlword, will be interleaved with transport stream packets containingpayload data from another of the watermarked elementary streams 32, andencrypted with a different control word. This interleaving would makeprocessing of the data at legacy receivers impossible.

The post processing function 34 therefore receives the originaltransport stream 16 from the content protection and content packagingsystem 14, and reconfigures and reorders the transport stream packets toform a re-multiplexed transport stream 36 which is passed to thetransmission function 18, using information received from the controlsystem 38, in a particular the stream labels 54 of the two or morewatermarked elementary streams. The main functional elements required tocarry out this processing are shown in FIG. 3. Within the postprocessing function 34 a stream label filter 58 uses the stream labels54 contained within the transport stream packets to identify from whichwatermarked elementary stream 32 each transport stream packet containspayload data, and locator functions 60 use the locator fields 84 toidentify which transport stream packets, for each watermarked elementarystream, contain the start of a new content portion. A metadata updatefunction 62 arranges update of other metadata in the transport stream.The locator functions 60 and metadata update function 62 are then usedto control reconfiguring and re-multiplexing of the transport stream bythe re-multiplex function 64. In particular, all of the transport streampackets 80 that contain an entire content portion from one of thewatermarked elementary streams 32 are grouped together in there-multiplexed transport stream 36, so that transport stream packets 80deriving from the same content portion but different watermarkedelementary streams 32 are not interleaved. Equivalently, transportstream packets for a single content portion but encrypted with differentcontrol words should not be interleaved. Transport stream packets for asingle content portion and encrypted with the same control word may becontiguous in the stream, although packets carrying data from otherelementary streams, or stream metadata may be interleaved therebetween.

The post processing function 34 also re-labels the transport streampackets which derive from the same elementary stream 12 but two or moredifferent watermarked elementary streams 32 so that they carry the samestream label 58. This also helps to avoid the requirement for specialhandling of the transport stream at the receivers 22, which wouldconventionally expect all content for a particular elementary stream 12to arrive within transport stream packets containing the same streamlabel 58. The metadata update function 62 ensures that metadata in there-multiplexed transport stream 36 is consistent with this change.

In the case of a DVB standards compliant system, the stream label filter58 may be described as a PID filter, selecting transport stream packetson the basis of the PID value found in the clear text header. Thelocator functions 60 detect the start of PES packet data, and themetadata update function 62 maintains consistency of the Program MapTable (PMT) and other metadata tables in the transport stream, forexample by consolidating the PMT entries for the two watermarkedelementary streams 32 to indicate a single elementary stream consistentwith transport stream packets from both watermarked elementary streams32 carrying the same PID. To fulfil the above condition that transportstream packets 80 deriving from the same content portion but differentwatermarked elementary streams 32 are not interleaved, transport streampackets 80 under a DVB compliant system are grouped by there-multiplexer 64 at the PES level. The watermark post processorfunction 34 also makes sure that clock information in the broadcaststream is suitably adjusted.

FIG. 5 shows how a series of content portions, represented as DVB PESpackets 70 labelled as PES₁ to PES₄, and representing part of a singleelementary stream 12, may be processed by a head-end system of FIGS. 2and 3 to form a broadcast re-multiplexed transmission stream 36. Thepre-processing function forms two watermarked copies of each PES packet70, each copy being watermarked with a different one of the twowatermark symbols, represented by the second index, thus PES_(1,0) andPES_(1,1) etc, the two copies thereby forming the two watermarkedelementary streams 32. The two differently watermarked copies of each ofthe four illustrated PES packets 70, which are therefore contained inthe watermarked elementary streams 32, provide 16 possible combinationsof the two watermark symbols at a receiver, depending upon which of thetwo copies of each of the PES packets is successfully decrypted by thereceiver. The content protection and content packaging system 34encrypts the content contained within the watermarked elementary streams32, and distributes each content portion from each watermarkedelementary stream 32 across a number of transport stream packets 80. InFIG. 5 each encrypted content portion is conveniently shown asdistributed across only five transport stream packets 80, although inpractice several hundred transport stream packets may be used to carry asingle content portion, for example if a transport stream packet is 188bytes in length as is usual in MPEG-2 compliant systems, and each PESpacket contains a whole frame of video data. The unit of content dataencompassed in or contained by a single PES packet is sometimes referredto as an access unit, and in known systems an access unit may typicallycorrespond to one video frame, or a subset of a frame such as an MPEGslice.

The transport stream packets are multiplexed to form an originaltransport stream 16 which is passed to the post processing function 34.The stream labels, provided as PIDs in each transport stream packet, aremade available to the control system 38. It can be seen that theordering of the transport stream packets 80, with respect to thewatermarked copy from which each is derived, is variable, with transportstream packets from the two differently watermarked copies beinginterleaved with each other in an arbitrary manner, and transport streampackets derived from different PES packets 70 also being interleavedwith each other to some extent.

The original transport stream 16 is passed to the post processingfunction 34 which carries out reconfiguration and re-multiplexing of thetransport stream packets as described above, remerging the transportstream packets into a re-multiplexed transport stream 36 in whichtransport stream packets are grouped into access units, each access unitcontaining one watermarked copy of a single PES packet 70. The transportstream packets in the re-multiplexed stream are relabelled with a singlestream label or PID value, rather than the two different PID valuesfound in the transport stream packets of the original transmissionstream. The re-multiplexing of the transport stream packets into accessgroups in this way is beneficial for the configuration and operation ofthe receivers, as will be evident from the following examples.

Some detailed ways in which a transport stream containing multiplewatermarked and differently encrypted copies of content portions of anelementary stream may be processed to recover the elementary stream dataat a receiver are set out, for example, in EP1134977, EP2334070 andEP2341708, the contents of which are incorporated herein in theirentirety. FIG. 6 shows schematically and in outline one way in whichthis may be achieved.

In FIG. 6, a transport stream 36 is delivered by the network 20 shown inFIG. 2 to receiver 22. Receiver 22 may, for example, be implemented as aset-top box or television set 23 provided with a local CA/DRM client 90,for example in the form of a smartcard. The transport stream 36 containsusual DVB structures, including transport stream packets containingentitlement management messages (EMMs), entitlement control messages(ECMS), elementary stream (ES) data, and other metadata such as aprogram association table (PAT), at least one program management table(PMT), and at least one conditional access table (CAT).

Following decryption of the transport stream by a decrypter 92,decrypted transport stream packets are passed to a transport streamde-multiplexer 94 in the receiver 22 which removes the transport streampacket structure and controls the flow and use of the decryptedtransport data in the form of PES packets. The PAT provides data whichenables the de-multiplexer 94 to access the correct PMT table for acurrent program, and to thereby identify and direct EMM packets to theCA/DRM client 90 for decryption to provide one or more session keys, andto direct ECM packets to the CA/DRM client 90 for decryption using theone or more session keys to provide one or mode control words. Using theavailable metadata, the receiver 22 loads the control words at thecorrect times into the transport stream decrypter 92. The de-multiplexer94 directs packets containing elementary stream data to a PES processor96 which removes the PES packet structures and thereby reconstructselementary streams from the packetised elementary streams. In FIG. 6several elementary streams in parallel are shown after the transportstream de-multiplexing operation.

The content protection and content packaging system 14 in the head-end25 of FIGS. 2 and 3, in conjunction with the control system 38, arrangesfor the metadata received at the receiver 22 to provide for a particularsequence of control words to be provided by the CA/DRM client to thereceiver 22 for loading into the decrypter 92 in respect of eachcryptoperiod (interval in which the control word remains unchanged). Thecontrol words available to each receiver may be controlled, for example,using entitlement management messages specific to particular groups ofreceivers. The control words loaded at a particular receiver arearranged so as to enable, during each cryptoperiod, only a selected oneof the watermarked copies of each content portion deriving from a PESpacket to be successfully decrypted, and the sequence of selectiondetermines the sequence of watermark symbols which are then present inthe elementary streams which are passed to the content decoder 98 whichreconstructs the content of original elementary streams for output, forexample to a separate television or for further processing or display.

As set out in EP2341708, a watermarked copy encrypted with a controlword that differs from the control word value loaded into the decrypter92 leads to an output of decrypted content containing essentially randomdata as illustrated by the “corrupt data” output of the PES processor96. In particular, the PES processor 96 may look in the data stream fora PES packet header start pattern (typically a 4 byte value 0x00000001).If this value is not found at the end of an earlier PES packet, the PESprocessor 96 starts looking for that value in the data stream. Thisproperty is used to skip over PES packets that are generated bydecrypting transport stream packets using a wrong control word value, asthe use of a wrong control word produces essentially random data.

Because the transport stream 36 has been reordered by the post processor34 to contain transport stream packets which are grouped so that allpackets of each content portion for each watermarked elementary stream32 are together, and not interleaved with transport stream packetsderiving from the same original elementary stream but encrypted with adifferent code word, a sequence of transport stream packets for aparticular elementary stream can be processed together by the decrypter92 without needing to reorder or filter packets according to whichwatermarked elementary stream 32 they came from. Accordingly, there isno need for the transport stream packets from each of the watermarkedelementary streams 32 to carry labels identifying them as such, and alltransport stream packets for a particular original elementary stream cancarry the same stream identifier 54 or PID. Thus, subject to the correctcontrol words being loaded at the correct times into the decrypter 92,the receiver 22 itself does not need to be especially adapted to handlethe transport stream containing the digital fingerprint. Due to thede-interleaving, PES packets decrypted with a wrong control word resultin a single batch of random data that ends with the start of a PESpacket that is decrypted correctly (i.e. using the correct control wordvalue). This enables the use of legacy receivers as described, forexample, in EP2341708. The present invention allows the use of legacyreceivers that receive their content from a legacy head-end with onlysome additional pre-processing and post-processing modules.

Embodiments of the invention described above implement fingerprintingusing an adapted head end 25 in which copies of a content portion aredifferently watermarked and encrypted with different control words.However, the re-multiplexing of transport stream packets as discussedabove may also be used for other purposes, for example to more generallypermit or deny access to certain content portions by particularreceivers 22, using a similar scheme of control words which areselectively available to particular receivers or groups of receivers,and/or by using multiple encryption schemes or algorithms wherein notall receivers are operable to implement all of the schemes oralgorithms.

By way of example, FIG. 7 shows an arrangement similar to that of FIG.3, but in which copies of a content portion are differently encryptedwithout being watermarked or differently watermarked. The contentprotection and content packaging system 14 and post processor 34 may beimplemented in much the same way as described above, so that the samereference numerals are used. The pre-processor, labelled here aspre-processor 110, is implemented differently, and includes a copycomponent 112 which passes all content portions into stream S₁. StreamS₁ is not processed further by the pre-processor 110, but is processedin the content protection and content packaging system 14.

Typically, the content protection and content packaging system 14 inFIG. 7 may encrypt only a fraction, for example about 10%, of stream S₁,leaving a common part which is not encrypted. The stream S₂ is formedfrom copies of those content portions which in stream S₁ are encryptedby the content protection and content packaging system 14, but forstream S₂ these are differently encrypted than the same portions in theS₁ stream, by an additional conditional access system 114 shown as partof the pre-processor 110. The output of the additional conditionalaccess system 114 is a transport stream packet stream containing theencrypted version of the S₂ elementary stream content portions. Thistransport stream uses a separate stream label or PID for the containedelementary stream and has additional packets for ECM and EMM data. Theoutput of the additional conditional access system is not furtherencrypted in the content protection and content packaging system 14,instead passing through the content protection and content packagingsystem without any significant further processing, perhaps apart fromsome PID remapping. The post processor 34 serves the same function asdescribed above in connection with FIG. 3, that of combining the S₁ andS₂ streams into a transport stream 36 such that all of the S₁ and S₂content portions are labelled with the same stream label, and areprocessed by receivers 22 as such.

The arrangement of FIG. 7 may be used to implement DVB schemes in whichreceivers of the transport stream may use any of two or more encryptionmodes, for example under the Simulcrypt system. All receivers can usecontent received in the unencrypted common part of stream S₁. Receiversarranged to operate with the conditional access system implemented bythe content protection and packaging system 14 are able to use contentencrypted by that part of the head end system, and receivers arranged tooperate with the additional conditional access system implemented in thepre-processor 110 are able to use content encrypted by that other partof the head-end system.

The arrangement of FIG. 7 can of course be varied to include multipleadditional conditional access systems in the pre-processor 110. Thetransport stream 36 generated by a head-end implementing the arrangementof FIG. 7 may contain a high proportion of unencrypted content portions,for example greater than 90%, or as little as no unencrypted contentportions. The scheme can be implemented without using a streamillustrated as S₁ in FIG. 7, with multiple copies instead beingprocessed by multiple corresponding conditional access system functionsimplemented by the pre-processor. Such arrangements can be combined ifdesired with watermarking and fingerprinting functionality as discussedabove.

FIGS. 8a and 8b illustrate more generally the pre-processor and postprocessor functions provided by the invention in order to adapt a legacyhead-end to provide re-multiplexed transport stream packets forprocessing by receivers. In step 1 of these figures, content portionsare identified in the original elementary stream. In step 2 a contentportion is selected, for example by the pre-processor 30 or 110 of FIG.3 or 7, and copies are created in separate elementary streams. Thesecopies may then be processed differently in step 3, for example byapplying different watermark symbols to the different copies, orotherwise, before the elementary streams containing the various copiesare packetised and protected by encryption in step 4. In FIG. 3 thisstep is carried out in the content protection and content packagingsystem for all different copies, whereas in FIG. 7 some of the copiesare protected by encryption in the pre-processor 110. In step 5 thepackets are multiplexed into a single data stream, typically by thecontent protection and content packaging system 14 shown in the earlierfigures. Note that at this stage, content portions from the two or morecopies are contained in packets which are interleaved with each otherwithin the data stream.

Steps 6 to 9 of FIGS. 8a and 8b are carried out by the post processordiscussed above. The separate elementary streams are firstde-multiplexed in step 6 and the packets are then reordered in step 7 toremove the above mentioned interleaving from different copies. Thestream labels or PIDs are remapped in step 8 to form a single mergedelementary stream in step 8. Finally, in step 9 the packets arere-multiplexed into a single re-ordered data stream with suitablyadapted metadata.

Schemes for fingerprinting and otherwise delivering multiple copies ofcontent portions along the lines set out above may require that two (ormore) streams of entitlement control, for example as streams of ECMs aredelivered to the receiver in the transport stream 36 and that bothstreams are associated by the receiver with the same elementary stream.This functionality is not generally available in existing receivers 22.Prior art MPEG-2 based conditional access systems associate no more thanone ECM stream with each elementary stream, with program mapping tablescontaining only one conditional access descriptor for each elementarystream. However, it would be desirable to be able to implement suchschemes without modifying or providing special functionality in thereceivers to handle multiple streams of ECMs.

FIG. 9 illustrates mapping data 300 which may be included in a transportstream 36 in order to associate two ECM streams 126′ and 126″ with asingle elementary or content stream 112, and in particular such acontent stream containing encrypted content portions which can bedecrypted using code words provided in the two ECM streams. The mappingdata 300 includes first mapping data 302 and second mapping data 304.The first mapping data 302 contains a content stream label 306 whichenables the receiver 22 to identify transport stream packets containingencrypted content which form part of a particular content stream 112. Afirst content data type 308 correctly identifies the type of content inthe content stream 112, in this case as video data, so that the contentstream can be correctly routed and handled in the receiver 108, forexample by the appropriate decoders after decryption. A firstconditional access stream label 310 enables the receiver 22 to associatethe first ECM stream 126′ with the content stream 112, and thereforeload control words derived from that ECM stream in the CA/DRM client 90of the receiver into the decrypter to decrypt content from the contentstream 112.

The second mapping data 304 contains a content stream label 312 whichenables the receiver 22 to identify transport stream packets containingencrypted content which form part of the same content stream 112 as thatidentified by the first mapping data. A second conditional access streamlabel 316 then enables the receiver 22 to also associate the second ECMstream 126″ with the content stream 112, and therefore load controlwords derived from that ECM stream in a CA/DRM client 90 into thedecrypter 92 to decrypt content from the content stream. However, if thesecond mapping data 304 also correctly identified the data type of thecontent in the content stream 112, for example as video data, then thiswould trigger a selection process in at least some known receivers,typically requiring the user to select one or other of the streams whichappear to be provided in the mapping data. Alternatively oradditionally, this measure could cause prior art receivers to simplyignore either the first or second of the mapping data groups so thatonly one ECM stream was recognised and used for providing control wordsto the decrypter. To avoid such consequences, the second mapping datacontains a second content data type 314 which does not correctlyidentify the type of content in the content stream. Preferably also,this second content data type is a data type which will not trigger anyselection function in receivers, for example a non-video and non-audiotype. Preferably, the second content data type is a data type for whichthere is no associated decoding capability in the receiver 108 Inparticular. Typically, DVB receivers are provided with specialistdecoding functions for audio and video data, but not for other datatypes such as teletext, electronic program guide or general data types.

FIG. 10 shows how the first and second mapping data of FIG. 9 may beimplemented in an MPEG-2 type conditional access system. The first andsecond mapping data 302, 304 are implemented together in a programmapping table (PMT) as discussed above. The first entry 312 in the PMTdescribes an audio content stream having a PID of 2, and pointing to aconditional access descriptor 314 specifying a PID 64 for the associatedECM stream. A third entry 316 in the PMT table also describes a contentstream having a PID of 2, thereby associating with the same audiocontent stream as described by the first entry 312. However, theComponent Type descriptor is “Data” instead of “Audio”, so that thereceiver will accept the entry and process the associated conditionalaccess descriptor 318 which specifies a PID 66 for the associated ECMstream. In this way, the receiver 108 will associate both ECM streams 64and 66 with the audio stream. The PMT table 310 also describes, in thesecond entry 320, an video content stream which is associated with asingle conditional access descriptor 322 linking the video contentstream to a single ECM stream with a PID of 65.

The arrangements described above in respect of FIGS. 9 and 10 may beused to provide multiple ECM streams for decrypting content portionsfrom a single encrypted content stream. In particular, the contentstream may contain multiple copies of some or all of the contentportions. The multiple ECM streams may then provide key data fordecrypting all of the copies, but a receiver 22 may be provisioned withproduct keys to decrypt key data sufficient only to obtain control wordswhich can be used to successfully decrypt a single copy of each contentportion. Suitable provisioning of product keys to different receivers orsubsets of receivers, for example using EMMs in the transport stream orsome other mechanism (which may be separate to the transport stream) canthen cause each different receiver or subset of receivers tosuccessfully decrypt a different combination of the copies of saidcontent. Labelling each copy of a particular content portion with adifferent watermark symbol then leads to each receiver or subset ofreceivers to generate clear content with a different sequence ofwatermark symbols or fingerprint. Alternatively or additionally, such ascheme may be used to provide multiple versions of selected contentportions in a single content stream, for example to provide multipledifferently encrypted copies of a part of the content stream toimplement schemes which have the same effect as PID switching inreceivers not adapted to support PID switching, and/or to implementSimulcrypt type systems.

In FIGS. 9 and 10 only one extra group of mapping data is used toassociate a single extra ECM stream with a particular content stream.However, further groups of mapping data specifying other ECM streams,and preferably defining different data types can be used to associatethree or more ECM streams with a single content stream. This could beused, for example, where three or more differently watermarked anddifferently encrypted copies of each content portion are included in thetransport stream, or three differently encrypted versions of a part of acontent stream are to be delivered to different groups of receivers toimplement a Simulcrypt or similar scheme.

The use of first and second mapping data as shown in FIGS. 9 and 10therefore can be used to introduce mapping for a component stream forwhich there is no associated decoding capability in the receiver, suchas a general data component stream. As the receiver does process theconditional access descriptor for such components, it allows thecreation of an additional ECM stream for a component stream. Theconditional access descriptor in the additional (dummy) component streamis associated with a PID value of the actual component stream. The ECMprocessing in the CA/DRM client 150 either results in loading a controlword for the component stream or it will not return a control word, inparticular if the required product key is not available. As the receiver108 is configured such that all of the ECM streams are associated withthe same video or audio content stream, the ECM processing results inloading the correct control word into the decrypter.

The functionality described above in connection with FIGS. 9 and 10 canbe implemented in a head-end system as shown for example in FIGS. 2 and7 using an appropriate set-up of the pre-processor 30,110. Thepre-processor may be arranged to generate a second stream (which couldbe labelled “data”) so that the content protection and content packagingsystem would generate separate ECM streams for the two elementary streaminputs as well as the corresponding metadata. After packet re-orderingand PID remapping, the resulting stream then accords with thearrangements shown in FIGS. 9 and 10.

The functionality of the head-end system 25 and receivers as describedabove may be implemented in hardware, in software or a combination ofboth. Accordingly, when functionality such as that of the pre-processingmodule 30 and post processing module 34 is described, this may beprovided as computer program elements, which may be stored in a volatilecomputer memory, a non-volatile computer memory, on hard disks coupledor on removable media such as CDROM or DVD data disks, and may also betransmitted as a data signal over a network or other telecommunicationsconnection.

It will be understood that variations and modifications may be made tothe described embodiments without departing from the scope of theinvention as defined in the appended claims. For example, it is to beunderstood that any feature described in relation to any one embodimentmay be used alone, or in combination with other features described, andmay be used in combination with one or more features of any of the otherembodiments, or any combination of the other embodiments.

The invention claimed is:
 1. A head-end system for preparing digitalcontent for transmission to a plurality of receivers, the digitalcontent comprising a sequence of content portions, the systemcomprising: a pre-processor arranged to generate at least first andsecond copies of each content portion; a content protection and contentpackaging system arranged to output each of the at least first andsecond copies of each content portion into a separate group of transportstream packets, each of the at least first and second copies of eachcontent portion distributed into transport stream packets beingdifferently encrypted to the other or others of the copies of thatcontent portion, and to merge all of the said transport stream packetsfor each content portion into an original transport stream in which atleast some of the transport stream packets deriving from the samecontent portion but differently encrypted are interleaved; and apost-processor arranged to de-multiplex and to reorder the originaltransport stream to form a re-multiplexed transport stream in whichtransport stream packets containing parts of the same content portionbut being differently encrypted are not interleaved.
 2. The head-endsystem of claim 1 in which the pre-processor is arranged to watermarkeach of the copies of a said content portion with a different symbol. 3.The head-end system of claim 1 in which the content protection andcontent packaging system is arranged to differently encrypt each of thecopies of a said content portion.
 4. The head-end system of claim 1 inwhich the pre-processor and content protection and packaging system arearranged to differently encrypt different copies of a said contentportion.
 5. The head-end system of claim 1 wherein differentlyencrypting comprises encrypting using different control words.
 6. Thehead-end system of claim 1 wherein differently encrypting comprisesencrypting using different encryption algorithms.
 7. The head-end systemof claim 1 wherein the content protection and content packaging systemis arranged such that at least some of the transport stream packets ofthe original transport stream containing parts of different contentportions are interleaved, and the post-processor is further arranged tode-multiplex and to reorder the packets of the original transport streamsuch that said transport stream packets containing parts of differentcontent portions are not interleaved.
 8. The head-end system of claim 1wherein the content protection and content packaging system marks thetransport stream packets containing each of the differently encryptedcopies of a said content portion with a different corresponding streamlabel visible in the transport stream packets to the post-processor. 9.The head-end system of claim 8 wherein the post-processor comprises astream label filter arranged to detect and filter received transportstream packets according to the stream label applied by the contentprotection and content packaging system.
 10. The head-end system ofclaim 8 wherein the post-processor replaces the different correspondingstream labels with a single stream label for the transport packetscontaining any of the differently encrypted copies of a said contentportion in the re-multiplexed transport stream.
 11. The head-end systemof claim 1 arranged to include in the re-multiplexed transport streamdata enabling handling of said differently encrypted copies at saidreceivers such that each one of at least two of said receivers or atleast two groups of said receivers reconstructs the sequence of contentportions to contain a different combination of said copies.
 12. Thehead-end system of claim 11 wherein the data enabling handling of saiddifferently encrypted copies includes entitlement control messagescomprising control words useable to decrypt said copies.
 13. Thehead-end system of claim 1, further adapted to include in there-multiplexed transport stream: a stream comprising said differentlyencrypted parts of a said content portion; a first entitlement controlmessage containing key data for decrypting a first said copy of thecontent portion; a second entitlement control message containing keydata for decrypting a second said copy of the content portion; firstmapping data comprising a content stream label identifying said streamof differently encrypted parts of a said content portion, a firstcontent data type corresponding to a data type of said content portion,and a first conditional access stream label identifying said firstentitlement control message; and second mapping data comprising saidcontent stream label identifying said stream of differently encryptedparts of said content portion, a second data type not corresponding to adata type of said content portion, and a second conditional accessstream label identifying said second entitlement control message. 14.The head-end system of claim 13 wherein the transport stream containssubstantially no content portions of the second content data typeidentified by said second mapping data.
 15. The head-end system of claim13 wherein the second content data type is a content type for whichthere is no associated decoding capability in some or all of thereceivers.
 16. A digital television system comprising; a head-end systemfor preparing digital content for transmission to a plurality ofreceivers, the digital content comprising a sequence of contentportions, the head-end system comprising: a pre-processor arranged togenerate at least first and second copies of each content portion; acontent protection and content packaging system arranged to output eachof the at least first and second copies of each content portion into aseparate group of transport stream packets, each of the at least firstand second copies of each content portion distributed into transportstream packets being differently encrypted to the other or others of thecopies of that content portion, and to merge all of the said transportstream packets for each content portion into an original transportstream in which at least some of the transport stream packets derivingfrom the same content portion but differently encrypted are interleaved;and a post-processor arranged to de-multiplex and to reorder theoriginal transport stream to form a re-multiplexed transport stream inwhich transport stream packets containing parts of the same contentportion but being differently encrypted are not interleaved; and aplurality of receivers coupled to the head-end system by a transmissionmedium.
 17. A method, implemented by one or more processors, ofpreparing digital content for transmission to a plurality of receivers,the digital content comprising a sequence of content portions,comprising: generating at least first and second copies of selected onesof said content portions; distributing each of the at least first andsecond copies of each selected content portion in encrypted form into aseparate group of transport stream packets, each of the at least firstand second copies of each selected content portion distributed intotransport stream packets being differently encrypted to each other;merging all of the said transport stream packets for each selectedcontent portion into an original transport stream in which at least someof the transport stream packets deriving from the same content portionbut being differently encrypted are interleaved; and de-multiplexing andreordering the original transport stream to form a re-multiplexedtransport stream in which transport stream packets containing parts ofthe same content portion but being differently encrypted are notinterleaved.
 18. The method of claim 17 further comprising watermarkingeach of the copies of a selected content portion with a differentsymbol.
 19. The method of claim 17 wherein differently encryptingcomprises encrypting using different control words.
 20. The method ofclaim 17 further comprising marking the transport stream packetscontaining each of the differently encrypted copies of a content portionwith a different corresponding stream label visible in the packets ofthe original transport stream.
 21. The method of claim 20 furthercomprising filtering transport stream packets in the original transportstream according to a stream label, in preparation for the step ofreordering.
 22. The method of claim 20 further comprising replacing thedifferent corresponding stream labels with a single stream label for thetransport packets containing any of the differently encrypted copies,and using said single stream label in the transport packets in there-multiplexed transport stream.
 23. The method of claim 17 furthercomprising including in the re-multiplexed transport stream dataenabling handling of said differently encrypted copies at said receiverssuch that each one of at least two of said receivers or at least twogroups of said receivers is enabled to reconstruct the sequence ofcontent portions to contain a different combination of copies.
 24. Themethod of claim 23 wherein the data enabling handling of saiddifferently encrypted copies includes entitlement control messagescomprising control words useable to decrypt said copies.
 25. The methodof claim 17, further comprising including in the re-multiplexedtransport stream: a stream comprising said differently encrypted partsof the same content portion; a first entitlement control messagecontaining key data for decrypting a first said copy of the contentportion; a second entitlement control message containing key data fordecrypting a second said copy of the content portion; first mapping datacomprising a content stream label identifying said stream of differentlyencrypted parts of the same content portion, a first content data typecorresponding to a data type of said content, and a first conditionalaccess stream label identifying said first entitlement control message;and second mapping data comprising said content stream label identifyingsaid stream of differently encrypted parts of the same content portion,a second data type not corresponding to a data type of said content, anda second conditional access stream label identifying said secondentitlement control message.
 26. The method of claim 25 wherein themethod includes in the transport stream no content portions of thesecond content data type identified by said content stream label. 27.The method of claim 25 wherein the second content data type is a contenttype for which there is no associated decoding capability in thereceivers.
 28. The method of claim 25 wherein the first mapping data andsecond mapping data are first and second entries in an MPEG programmapping table included in the transport stream.
 29. The method of claim28 wherein the first and second conditional access stream labels areincluded in conditional access descriptors of the program mapping table.30. The method of claim 25 wherein said content stream label and saidconditional access stream labels are MPEG PIDs.
 31. The method of claim25 wherein the first content data type is a video data type and thesecond content data type is not a video data type.
 32. A method,implemented by one or more processors, of adapting a head-end system forpreparing digital content comprising a sequence of content portions fortransmission to a plurality of receivers, the head-end system includinga content protection and content packaging system arranged to encryptand distribute said content portions into a plurality of transportstream packets, the method comprising: adding to the head-end system apre-processor arranged to generate at least first and second copies ofeach content portion, and coupling the pre-processor to the contentprotection and content packaging system such that each of the at leastfirst and second copies of each content portion is distributed into aseparate group of transport stream packets in a differently encryptedform, and all of the said transport stream packets for each contentportion are merged into an original transport stream; and adding to thehead-end system a post-processor arranged to de-multiplex and to reorderthe original transport stream to form a re-multiplexed transport streamin which transport stream packets containing parts of the same contentportion but being differently encrypted are not interleaved.
 33. One ormore tangible computer readable media comprising computer program codethat, when executed by a processor, causes the processor to preparedigital content for transmission to a plurality of receivers, thedigital content comprising a sequence of content portions, by:generating at least first and second copies of selected ones of saidcontent portions; distributing each of the at least first and secondcopies of each selected content portion in encrypted form into aseparate group of transport stream packets, each of the at least firstand second copies of each selected content portion distributed intotransport stream packets being differently encrypted to each other;merging all of the said transport stream packets for each selectedcontent portion into an original transport stream in which at least someof the transport stream packets deriving from the same content portionbut being differently encrypted are interleaved; and de-multiplexing andreordering the original transport stream to form a re-multiplexedtransport stream in which transport stream packets containing parts ofthe same content portion but being differently encrypted are notinterleaved.
 34. One or more tangible non-transitory computer readablemedia comprising computer program code that, when executed by aprocessor, causes the processor to modify a head-end system, the headend system being configured to prepare digital content comprising asequence of content portions for transmission to a plurality ofreceivers, the head-end system including a content protection andcontent packaging system arranged to encrypt and distribute said contentportions into a plurality of transport stream packets, by: adding to thehead-end system a pre-processor arranged to generate at least first andsecond copies of each content portion, and coupling the pre-processor tothe content protection and content packaging system such that each ofthe at least first and second copies of each content portion isdistributed into a separate group of transport stream packets in adifferently encrypted form, and all of the said transport stream packetsfor each content portion are merged into an original transport stream;and adding to the head-end system a post-processor arranged tode-multiplex and to reorder the original transport stream to form are-multiplexed transport stream in which transport stream packetscontaining parts of the same content portion but being differentlyencrypted are not interleaved.